|
Bowen Siow
|
October 6, 2014 at 10:52 am
Recently i find out there is a lot data seem like malicious code in the table wp_options with the name _transitions_ee_xxxxxxx
It make the website generate a random words which make it look like get hacked or something.. anyone know about this?
|
|
Lorenzo Orlando Caum
|
October 6, 2014 at 11:49 am
Hi Bowen,
I believe transitions should be transients. Event Espresso uses WP transients:
http://codex.wordpress.org/Transients_API
It make the website generate a random words which make it look like get hacked or something.. anyone know about this?
Could you tell us more about where the random words are appearing and are you on the latest software?
—
Lorenzo
|
|
Bowen Siow
|
October 6, 2014 at 11:57 am
Hi,
Ya, i think i makes some mistake .. its transients..
Hmm.. not, i was on version 4.3.0.p. So the key is belong to Event Espresso?
The random words appear on top of every page at Firefox only(afaik) with words and links like “casino”, “drugs”, etc etc.. So i tried to remove it using css .. and the day after, those words appear on every content which not top of each page only.
So i tried to search all over the web and i found the data was from wp_options.
|
|
Lorenzo Orlando Caum
|
October 6, 2014 at 12:22 pm
Hi Bowen,
Could you update to the latest version?
https://eventespresso.com/wiki/ee4-changelog/
Next, does your site receive a lot of spam related comments? If so, are you using something like Akismet to reduce these spam comments?
—
Lorenzo
|
|
Bowen Siow
|
October 6, 2014 at 12:37 pm
Hi Lorenzo
Ya, i will update it to latest version.. then the key is belong to event espresso transient? Can i know what the usage there?
Not really got any other spam because i had turned off the comment module. When i search all database table entry with the keyword “casino” etc, its all inside wp_options table
here is one of the entry. The IP do not belong to my country
(79195,’_transient_ee_ssn_gsneloiug427c3aaqia23sq1i0′,’s:421:\”a:7:{s:2:\”id\”;s:26:\”gsneloiug427c3aaqia23sq1i0\”;s:7:\”user_id\”;N;s:10:\”ip_address\”;s:21:\”178.154.150.210:0:0:0\”;s:10:\”user_agent\”;s:64:\”Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)\”;s:11:\”init_access\”;i:1412316879;s:11:\”last_access\”;i:1412316879;s:13:\”pages_visited\”;a:2:{i:0;s:52:\”http://[my dns]/ruleta-de-casino-online\”;i:1;s:52:\”http://[my dns]/ruleta-de-casino-online\”;}}\”;’,’no’),
|
|
Lorenzo Orlando Caum
|
October 6, 2014 at 1:16 pm
Hi Bowen,
On earlier versions of Event Espresso, a transient would be created for each page load. With the latest versions, this no longer occurs.
The example that you provided is from the yandex search bot:
http://help.yandex.com/search/robots/logs.xml
http://help.yandex.com/search/robots/check-robot.xml
—
Lorenzo
|
|
Bowen Siow
|
October 6, 2014 at 9:29 pm
Hi
Yes, i know the Yandex bot.. it do save extra information which its weird.. i will try update to latest version and try..
|
|
Josh
|
October 7, 2014 at 8:37 am
Hi Bowen,
What’s likely happening here is your site is getting hit by bots, and EE is making a record of this in the options table. The transients are intended to keep track of the ticket buying process. I can suggest setting up a few rules on .htaccess to block that bot:
http://www.webhostingtalk.com/showthread.php?t=924727
|
